Mathew J. Schwartz reports:
The ransomware landscape constantly changes, which can make it difficult to track which attackers are coming, going or simply rebranding.
One example is the DoppelPaymer – aka DopplePaymer – ransomware-as-a-service operation, which has gone relatively quiet since early May, posting no victims to its data leak site since May 6 and no leaked files since June 25. But one expert says the operation appears to have been rebranded by its operator, Evil Corp, in an attempt to avoid sanctions imposed on the crime group in December 2019 by the U.S. Treasury Department’s Office of Foreign Assets Control.
The Babuk ransomware operation also recently appears to have altered its approach – if not splintered – following its late-April ransomware attack against the Metropolitan Police Department of Washington, D.C.
Read more on BankInfoSecurity. Mathew has compiled a lot of educated guesses based on evidence that supports the claims of rebranding.
It will be interesting to see what happens next with these groups.